There is no regulation which requires an account be risk rated at account opening. Depending on how you actually risk rate clients, manual or through an automated system, it may be subsequent to the completion of the client acceptance process or at some reasonable point down the road.
You're right that it's not a specific regulatory requirement to risk rate every customer at account opening. But you better have a strong enough CDD program to identify the truly high risk customers right off the bat, especially if you're 1 billion+. Otherwise, you could easily find out how much examiners like to shoehorn best practices into regulatory violations using the "internal control" pillar.